Security Essentials, Textbook page 462

Copyright Goodheart-Willcox Co., Inc. 462 Security Essentials Threats to Wireless Security Transmissions on wireless networks do not follow set paths to and from their des- tinations. Except in a highly secured facility, there is simply no way to protect radio signals from interception. Furthermore, wireless networks, such as Bluetooth sys- tems, NFC devices, RFID systems, and WLANs, are relatively easy to set up and deploy, which makes them targets for hackers. Examples of threats to wireless secu- rity include the following. Replay Attacks A replay attack is an attack in which a hacker captures login credentials during an initial attack, stores them, and retransmits them at another time. The hacker could also capture encrypted information and send it later without breaking the encryption on the credentials. Replay attacks are low-tier man-in-the-middle (MITM) attacks since they require an attacker to intercept information in transit. Website owners often record users’ interactions with their web pages. They record mouse clicks, moves, and input to analyze usability. However, if not secured properly, this information can be used maliciously. A session replay attack, also known as a playback attack, is a type of replay attack in which an attacker steals a session ID and reuses it to impersonate an authorized user. The fundamental difference between a session replay and standard replay attack is that a session replay essentially recreates a user’s time spent on a website or application as opposed to just a login attempt. Evil Twin An evil twin router is an illegitimate router that carries the same SSID as the desired AP. Evil twin routers are considered a type of rogue router or rogue access point. A rogue access point (rogue AP) is an unauthorized access point that enables a hacker to circumvent network security. Evil twins are often used to commit MITM 1.3 1.3 1.4 Server Wi-Fi AP Wi-Fi AP Basic Service Set (BSS) Basic Service Set (BSS) Extended Service Set (ESS) Goodheart-Willcox Publisher (server) Sujith RS/Shutterstock.com (computers) romvo/Shutterstock.com (routers) RealVector/Shutterstock.com Figure 14-9 The name of a wireless network is known as its service set identifier (SSID). Smaller networks are usually configured as a basic service set (BSS), and larger networks with multiple APs use an extended service set (ESS).

Previous Page Next Page

Security Essentials, Textbook Page 462 (476 of 704)

Help